On 29 July, Red Hat disclosed the BootHole vulnerability in grub2 (CVE-2020-1073). This flaw allows an attacker who already has access to the system to hijack the boot process and execute malicious code during system startup.
As of this writing, Red Hat is still working on new packages that fix this vulnerability.
At Bobcares, we constantly monitor servers and patch them against vulnerabilities as part of our Server Management Services.
Today, we’ll look at the BootHole vulnerability and the tips to avoid risk.
What is the BootHole vulnerability CVE-2020-1073?
The “BootHole” vulnerability in the GRUB2 bootloader opens up Windows and Linux devices to attack. It abuses the GRUB2 bootloader to achieve arbitrary code execution during the boot process, even when Secure Boot is enabled.
In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system. With this access, they could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB.
Are we affected by the BootHole vulnerability (CVE-2020-1073)?
The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected.
The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries.
Further, a vulnerability detection script is available online to check whether a system is currently vulnerable to this flaw.
Tips to avoid risk
As we discussed earlier, Red Hat is currently working on releasing new packages to fix this vulnerability.
In the meantime, it is strongly recommended that Red Hat customers do not apply grub2, fwupd, fwupdate or shim updates until new packages are available. However, there are some tips available to remediate the effects of the update. The steps to follow differ depending on whether the system has already been rebooted. Let us look at them in detail.
Before system reboot
- First, downgrade the packages immediately:
# yum downgrade shim\* grub2\* mokutil
- Then, protect yum from upgrading the packages by adding the following entry to /etc/yum.conf:
exclude=grub2* shim* mokutil
After system reboot
- Boot the system with the RHEL DVD in Troubleshooting mode
- Set up the network.
- Enter the chroot:
# chroot /mnt/sysimage
- Downgrade the packages:
# yum downgrade shim\* grub2\* mokutil
- Protect yum from upgrading the packages by adding the following entry to /etc/yum.conf:
exclude=grub2* shim* mokutil
- Exit the chroot and reboot:
# exit
# exit
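The two steps above (the package downgrade and the yum.conf exclude) are the same for the before-reboot and after-reboot paths; only the surrounding chroot differs. Below is an added example script, not from the original post and not Red Hat's or Bobcares' own tooling, that wraps those two steps so they can be re-run safely and checked. It assumes a RHEL/CentOS system with yum, the /etc/yum.conf path from the post, and the DRY_RUN and BOOTHOLE_PIN_MAIN variable names, which are this example's own choices. Run it directly on a system that has not yet rebooted, or inside `chroot /mnt/sysimage` from the rescue environment.

```shell
#!/bin/sh
# Added example (not the post's, Red Hat's or Bobcares' own script).
# Pins the boot-chain packages exactly as the post describes:
#   1. yum downgrade shim* grub2* mokutil
#   2. exclude=grub2* shim* mokutil   appended to /etc/yum.conf
# Assumptions: RHEL/CentOS with yum; the config path and the DRY_RUN /
# BOOTHOLE_PIN_MAIN variable names are this example's own choices.

EXCLUDE_LINE='exclude=grub2* shim* mokutil'

# Exit 0 if the exact exclude line is already in the given yum config.
yum_exclude_present() {
    grep -qxF "$EXCLUDE_LINE" "$1" 2>/dev/null
}

# Step 2 from the post. Appends the exclude line once, so the script can be
# re-run (e.g. once before and once after a rescue-mode chroot) without
# leaving duplicate entries behind.
add_yum_exclude() {
    if yum_exclude_present "$1"; then
        echo "already pinned: $1"
        return 0
    fi
    printf '%s\n' "$EXCLUDE_LINE" >> "$1"
    echo "pinned: $1"
}

# Step 1 from the post. The real downgrade only runs as root with DRY_RUN=0;
# otherwise the command is printed so it can be reviewed first.
downgrade_boot_packages() {
    if [ "$(id -u)" -eq 0 ] && [ "${DRY_RUN:-1}" = "0" ]; then
        yum -y downgrade 'shim*' 'grub2*' mokutil
    else
        echo 'dry run: yum downgrade shim\* grub2\* mokutil'
    fi
}

# Secure Boot state via mokutil: "enabled", "disabled", or "unknown" when
# mokutil is missing or EFI variables are unavailable. Informational only;
# the post notes BootHole matters on Secure Boot systems even without GRUB2.
secure_boot_state() {
    command -v mokutil >/dev/null 2>&1 || { echo unknown; return 0; }
    state=$(mokutil --sb-state 2>/dev/null)
    case "$state" in
        *enabled*)  echo enabled ;;
        *disabled*) echo disabled ;;
        *)          echo unknown ;;
    esac
}

# Entry point: BOOTHOLE_PIN_MAIN=1 DRY_RUN=0 sh boothole-pin.sh [/etc/yum.conf]
if [ "${BOOTHOLE_PIN_MAIN:-0}" = "1" ]; then
    conf="${1:-/etc/yum.conf}"
    echo "Secure Boot: $(secure_boot_state)"
    downgrade_boot_packages
    add_yum_exclude "$conf"
fi
```

After the pin is in place, `yum check-update` will no longer offer grub2, shim or mokutil builds; remove the `exclude=` line again once Red Hat ships the fixed packages, otherwise the fix itself will be held back.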
[Need any further assistance in applying patches? – We’re available 24*7]
Conclusion
In short, the BootHole vulnerability in grub2 (CVE-2020-1073) allows an attacker who already has access to the system to hijack the boot process and execute malicious code during system startup. Today, we saw how our Support Engineers handle this vulnerability.